Akamai Technologies is introducing a cloud-based managed service called Web Application Firewall it claims will head off the bulk of Web applications attacks before they get inside corporate datacenters.

Application firewalls within Akamai's network of more than 55,000 servers worldwide weed out the most common application exploits including SQL injection, cross-site scripting, and others listed by the Open Web Application Security Project as the most prevalent.

Akamai says the service is compliant with the wide-area file services (WAF) program specified in Payment Card Industry standards for Web application firewalls.The service is based on the core rule set of the open source ModSecurty Web application firewall, which is administered by Breach Security. "It stops the big, bad, well-understood stuff," says Sanjay Meta, senior vice president of Breach. "Anything more elegant, not findable by a signature, you need something more sophisticated. You can only do so much at the edge."

He describes the Akamau service as complementary to corporate-based WAFs, but valuable because it reduces the amount of traffic the private gear has to filter, and it can cut the bandwidth chewed up by malicious traffic. Akamai says it has blocked attacks headed at customer networks at 100Gbps, which would be enough to swamp the privately owned filtering resources of many businesses.

Customers who also buy Breach's WebDefend Global Event Manager management platform can tap into Akamai's worldwide security-event data to find out details about the attacks that the service blocks, Breach says.

Pricing for Web Application Firewall depends on how many applications customers want to protect and the size of their Internet connections.

This story, "Akamai service to stop datacenter attacks" was originally published by
Network World.